Researchers: Be Wary Of New Trojan Attacks

A yet to be named developer has released a free software development kit for a new Trojan horse considered to be similar to the Zeus banking Trojan - prompting a warning from researchers at a German security firm.

A yet to be named developer has released a free software development kit for a new Trojan horse considered to be similar to the Zeus banking Trojan - prompting a warning from researchers at a German security firm.The Trojan is dubbed Ares, and is geared toward providing cyber-criminals a way to spread malware through infected Web sites (exactly more of what we don't need). From G Data security firm's announcement:

As Ares has so many potential variants, it can be used for almost any attack on any target. We believe one of the eventual uses will be to spread Trojans aimed at online banking users. Internet users need to protect themselves by making sure they have anti-malware solutions in place that monitor all HTTP traffic and can block dangerous websites before they are called up on work and personal computers."

With or without a new Trojan, users should be following that advice every day.

According to G Data, Ares is very familiar to the Zeus banking Trojan - which infected millions of users - in that its design is modular, and that means attackers can use the code in many different ways. I supposed it could also make it more difficult for anti-virus applications to quickly identify.

The Ares author, according to G Data, will be releasing an Ares software development kit soon:

Underlining the commerciality of modern malware, a software development kit for the Trojan is available for free to 'trustworthy developers' on condition that a license fee is paid to Ares' developer when modules are sold on to third parties. Other potential users can buy the development kit for up to US $6,000, although a 'starter pack' with reduced functionality can also be purchased for US $850. As is customary in the malware industry, payment is made via an anonymous online payment service - in this case WebMoney - so that neither the purchaser nor the vendor need reveal their true identity.

Hopefully Ares (named after the Greek god of war) won't live up to its name and fizzles. Regardless, attackers aren't sleeping, and neither are those engaged in the underground industry designed to support them.

Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.

Published: 2017-05-09NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.